Error Codes

The following are the run-time error codes, defined in
Wspfwerr.h, that may be returned by the Microsoft
Firewall service and may appear as result codes in
Forefront TMG logs. Note that error codes with a message identifier
equal to or greater than 0xC0040039 are introduced in Forefront
TMG.

Symbolic name

Hexidecimal ID

Message text

FWX_E_TERMINATING

0xC0040001

The object is shutting down.

FWX_E_INVALID_ARG

0xC0040002

The argument is invalid.

FWX_E_ALREADY_IN_BLOCKING_OP

0xC0040003

The blocking operation is already started.

FWX_E_NOT_IN_BLOCKING_OP

0xC0040004

There is no blocking operation to be ended.

FWX_E_FILTER_NOT_REGISTERED

0xC0040005

The filter is not registered.

FWX_E_ALREADY_EXISTS

0x800700B7

The object cannot be created because an object with the same
name already exists.

FWX_E_BUFFERFULL

0xC0040007

Not all the data was appended to the buffer object because the
buffer was full.

FWX_E_ALREADY_EMULATED

0xC0040009

The connection is already emulated by another filter.

FWX_E_BAD_CONTEXT

0xC004000A

The method was not called while handling any of the supported
events.

FWX_E_NOT_SUPPORTED

0xC004000B

Modifying this property is not allowed for this session.

FWX_E_NOT_AUTHENTICATED

0xC004000C

The action cannot be performed because the session is not
authenticated.

FWX_E_POLICY_RULES_DENIED

0xC004000D

The policy rules do not allow the user request.

FWX_E_MIME_NEEDED

0xC004000E

The MIME type is required.

FWX_E_MUST_USE_DS

0xC004000F

(Reserved for future use.)

FWX_E_NOT_EMULATED

0xC0040010

The connection is not emulated.

FWX_E_IS_BUSY

0xC0040011

A connection was dropped because there are too many pending
connection requests.

FWX_E_NETWORK_RULES_DENIED

0xC0040012

The network rules do not allow the connection requested.

FWX_E_FRAGMENT_PACKET_DROPPED

0xC0040013

A packet was dropped because it contained an IP fragment that
Forefront TMG is configured to block.

FWX_E_FWE_SPOOFING_PACKET_DROPPED

0xC0040014

A packet was dropped because Forefront TMG determined that the
source IP address is spoofed.

FWX_E_TCPIPDROP_PACKET_DROPPED

0xC0040015

A packet was dropped by the TCP/IP stack.

FWX_E_NO_BACKLOG_PACKET_DROPPED

0xC0040016

A packet was dropped because the rate of requests for incoming
connections was too high.

FWX_E_TCP_NOT_SYN_PACKET_DROPPED

0xC0040017

A non-SYN packet was dropped because it was sent by a source
that does not have an established connection with the Forefront TMG
computer.

FWX_E_BAD_LENGTH_PACKET_DROPPED

0xC0040018

A packet was dropped because its IP length field does not fall
within the allowed range or is inconsistent with the actual
length.

FWX_E_PING_OF_DEATH_PACKET_DROPPED

0xC0040019

A packet was dropped because Forefront TMG detected a
ping-of-death attack.

FWX_E_OUT_OF_BAND_PACKET_DROPPED

0xC004001A

A packet was dropped because Forefront TMG detected a Windows
out-of-band (WinNuke) attack.

FWX_E_IP_HALF_SCAN_PACKET_DROPPED

0xC004001B

A packet was dropped because Forefront TMG detected an IP
half-scan attack.

FWX_E_LAND_ATTACK_DROPPED

0xC004001C

A packet was dropped because Forefront TMG detected a land
attack.

FWX_E_UDP_BOMB_DROPPED

0xC004001D

A packet was dropped because Forefront TMG detected a UDP bomb
attack.

FWX_E_FULLDENY_DROPPED

0xC004001E

A packet was dropped because Forefront TMG is operating in
lockdown mode. (Note that no logging is performed by Forefront TMG
in lockdown mode.)

FWX_E_IPOPTIONS_DROPPED

0xC004001F

A packet was dropped because its header includes one or more IP
options that Forefront TMG is configured to block.

FWX_E_UNCOMPLETED_CONNECTION_REQUEST

0xC0040020

An attempt to log on to the VPN server was rejected during the
authentication phase because the authentication data was not
received in a timely manner. The client session was
disconnected.

FWX_E_CONNECTION_REQUEST_REJECTED

0xC0040021

An attempt to log on to the VPN server was rejected during the
authentication phase. The client session was disconnected.

FWX_E_VALIDATE_QUARANTINE_FAILED

0xC0040022

The VPN quarantine settings could not be validated. The client
session was disconnected.

FWX_E_VPN_CONNECTIONS_LIMIT_EXCEEDED

0xC0040023

The VPN client connection limit was exceeded. The client
session was disconnected.

FWX_E_OUT_OF_RESOURCES

0xC0040024

A packet was dropped because there are insufficient
resources.

FWX_E_BROADCAST_PACKET_DROPPED

0xC0040025

A broadcast packet was dropped by the Forefront TMG
policy.

FWX_E_UNKNOWN_ADAPTER_DROPPED

0xC0040026

(Reserved for future use.)

FWX_E_ICMP_ERROR_PACKET_DROPPED

0xC0040027

(Reserved for future use.)

FWX_E_INVALID_PROTCOL_PACKET_DROPPED

0xC0040028

A packet was dropped because its header specifies an invalid IP
protocol (255) or address (0.0.0.0).

FWX_E_PORT_ZERO_PACKET_DROPPED

0xC0040029

A packet was dropped because its transport header specifies an
invalid port (0).

FWX_E_SYN_ATTACK_START

0xC004002A

Forefront TMG detected a SYN attack.

FWX_E_SYN_ATTACK_END

0xC004002B

Forefront TMG is no longer experiencing a SYN attack.

FWX_E_INVALID_DHCP_OFFER

0xC004002C

An invalid DHCP offer was blocked.

FWX_E_UNREACHABLE_ADDRESS

0xC004002D

A packet was dropped because its destination IP address is
unreachable.

FWX_E_ADDRESS_NOT_ALLOWED

0xC004002E

An attempt to establish a connection by an application filter
was rejected because the source address is not in a range that is
allowed for the destination address.

FWX_E_IPSEC_NO_ROUTE_DROPPED

0xC004002F

A packet arriving through an IPsec tunnel was rejected because
its source address is not expected for the tunnel.

FWX_E_OUTBOUND_PATH_THROUGH_DROPPED

0xC0040030

A packet generated on the local host was rejected because its
source IP address is assigned to one network adapter and its
destination IP address is reachable through another network
adapter.

FWX_E_BAD_TCP_CHECKSUM_DROPPED

0xC0040031

A packet was dropped because verification of its TCP checksum
failed.

FWX_E_VPN_USER_MAPPING_FAILED

0xC0040032

An attempt to map a VPN client to a Windows user failed. The
client session was disconnected.

FWX_E_RULE_QUOTA_EXCEEDED_DROPPED

0xC0040033

A connection was rejected because the connection limit
specifying the maximum number of connections that can be created
for a rule during one second was exceeded.

FWX_E_SEQ_ACK_MISMATCH

0xC0040034

A TCP packet was rejected because it has an invalid sequence
number or an invalid acknowledgement number.

FWX_E_THREAD_QUOTA_EXCEEDED

0xC0040035

A blocking operation could not be performed because the thread
limit for this operation was reached.

FWX_E_DNS_QUOTA_EXCEEDED

0xC0040036

A DNS query could not be performed because the query limit was
reached.

FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED

0xC0040037

A connection was rejected because the connection limit
specifying the maximum number of concurrent connections for a
single client host was exceeded.

FWX_E_TCP_NO_SERVER_REPLY

0xC0040038

A connection was closed because no SYN/ACK reply was received
from the server.

FWX_E_POLICY_CONNECTION_CLOSED

0xC0040039

An existing connection was closed because it is no longer
allowed by the policy.

FWX_E_NAT_ADDRESS_NOT_AVAILABLE

0xC004003A

A network rule specifies a NAT relationship, but no local IP
address is available for NAT on the server.

FWX_E_IPS_BLOCKED

0xC004003B

The connection was blocked by the Network Inspection System
(NIS) (not supported by Forefront TMG Medium Business
Edition).

FWX_E_IPS_DETECTED

0xC004003C

The Network Inspection System (NIS) detected traffic that
matches a vulnerability signature (not supported by Forefront TMG
Medium Business Edition).

FWX_E_CONNECTION_QUARANTINED

0xC004003D

The connection was closed because the client was
quarantined.

FWX_E_FW_IPSEC_DROPPED

0xC004003E

A packet was dropped due to periodic inconsistency between the
IPsec policy and the Forefront TMG's snapshot of the IPSsec
policy.

FWX_E_TRANSITION_DROPPED

0xC004003F

A packet was dropped while adjusting the Forefront TMG behavior
to a new IPsec policy.

FWX_E_BOTH_ADRESSES_BELONG_TO_SAME_NETWORK

0xC0040040

Both input addresses belong to the same network.

FWX_E_UNSUPPORTED_IPV6_DROPPED

0xC0040041

A packet was dropped because the IPv6 protocol is not
supported.

FWX_E_INVALID_ROUTER_ADV

0xC0040042

An invalid IPv6 router advertisement was detected.

FWX_E_IPV6_ROUTING_HEADER

0xC0040043

An IPv6 routing header was found.

FWE_E_FAIL_TRANSACT_TO_TRANSITION_TO_IPSEC

0xC0040044

The firewall engine failed to apply the IPsec
configuration.

FWE_E_FAIL_TRANSACT_TO_IPSEC

0xC0040045

The firewall engine entered an invalid state.

The following are additional run-time codes that may be returned
by the Firewall service and may appear as result codes in Forefront
TMG logs.

Symbolic name

Hexidecimal ID

Description

WSA_RWS_GRACEFUL_SHUTDOWN or FWX_E_GRACEFUL_SHUTDOWN

0x80074E20

A connection was gracefully closed in an orderly shutdown
process with a three-way FIN-initiated handshake.

WSA_RWS_ABORTIVE_SHUTDOWN or FWX_E_ABORTIVE_SHUTDOWN

0x80074E21

A connection was abortively closed after one of the peers sent
an RST packet.

WSA_RWS_QUOTA or FWX_E_RULE_QUOTA_EXCEEDED_DROPPED

0x80074E23

A connection was rejected because the connection limit
specifying the maximum number of connections that can be created
for a rule during one second was exceeded.

WSA_RWS_CONNECTION_KILLED or FWX_E_CONNECTION_KILLED

0x80074E24

Forefront TMG closed an established connection before either
peer requested to close it. This typically occurs when an
application filter detects a protocol violation, such as a
malformed HTTP request.

WSA_RWS_TIMEOUT or FWX_E_TIMEOUT

0x80074E25

A connection was terminated because it was idle for more than
the time-out period, or the time-out on an incompleted action
expired.

WSA_RWS_ADMIN_TERMINATE or FWX_E_ADMIN_TERMINATE

0x80074E26

A connetion was terminated from Forefront TMG Management,
during shutdown, or when a VPN client was disconnected.